Computer Crime Research Center

Cyber Terrorism : The new kind of Terrorism

Cyber Terrorism:
Computers and the internet are becoming an essential part of our daily life. They are being used by individuals and societies to make their life easier. They use them for storing information, processing data, sending and receiving messages, communications, controlling machines, typing, editing, designing, drawing, and almost all aspects of life.
The tremendous role of computers stimulated criminals and terrorists to make it their prefered tool for attacking their targets. The internet has provided a virtual battlefield for countries having problems with each other such as Taiwan against China, Israel against Palestine, India against Pakistan, China against the US, and many other countries.
This transformation in the methods of terrorism from traditional methods to electronic methods is becoming one of the biggest chalenges to modern societies.
In order to combat this type of terrorism a lot of effort should be done at the personal level, the country level, the regional level, as well as the international level to fight against this transnational type of crime.

Definition of The Term:
The FBI definition of terrorism:
"The unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives."

U.S. Department of State definition of terrorism:
"Premeditated politically motivated violence perpetrated against noncombatant targets by sub-national groups or clandestine agents"

Definition of Cyber Terrorism:
The FBI defined cyber terrorism as "The premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents".

The U.S. National Infrastructure Protection Center defined the term as:
"A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to particular political, social or ideological agenda".

James Lewis from the Center for Strategic and International Studies defined cyber terrorism as:
"The use of computer network tools to shut down critical national infrastructure (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population".

Who are cyber terrorists?
From American point of view the most dangerous terrorist group is Al-Qaeda which is considered the first enemy for the US. According to US officials data from computers seized in Afganistan indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure.
After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers launched Denial os Service (DoS) attacks against American web sites.
A study that covered the second half of the year 2002 showed that the most dangerous nation for originating malicious cyber attacks is the United States with 35.4% of the cases down from 40% for the first half of the same year. South Korea came next with 12.8% , followed by China 6.2% then Germany 6.7% then France 4% . The UK came number 9 with 2.2%.
According to the same study, Israel was the most active country in terms of number of cyber attacks related to the number of internet users.
There are so many groups who are very active in attacking their targets through the computers. The Unix Security Guards (USG) a pro Islamic group launched a lot of digital attacks in May 2002.
Another group called World's Fantabulas Defacers (WFD) attacked many Indian sites. Also there is another pro Pakistan group called Anti India Crew (AIC) who launched many cyber attacks against India.
There are so many Palestinian and Israeli groups fighting against each other through the means of digital attacks.

Why do they use cyber attacks?
Cyber terrorist prefer using the cyber attack methods because of many advantages for it.
It is Cheaper than traditional methods.
The action is very Difficult to be tracked.
They can hide their personalities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a big number of targets.
They can affect a large number of people.

What can they do?
On Oct. 21, 2002, a distributed denial of service (DDOS) attack struck the 13 root servers that provide the primary road-map for all internet communications. Nine servers out of these thirteen were jammed. The problem was taken care of in a short period of time.
According to Kevin Coleman (Oct. 10, 2003) the internet being down for just one day could disrupt nearly $6.5 billion worth of transactions.
At Worcester, Mass, in 1997, a hacker disabled the computer system of the airport control tower.
In the same year a hacker from Sweden jammed the 911 emergency telephone system in the west-central Florida. This indicates that an attck could be launched from anywhere in the world.
In 1998 attacks were launched against the NASA, the Navy, and the Department of Defense computer systems.
In 2000, someone hacked into Maroochy Shire, Australia waste management control system and released millions of gallons of raw sewage on the town.
In Russia In the year 2000, a hacker was able to control the computer system that govern the flow of natural gas through the pipelines.
Financial institutions have been subject to daily attacks or attack attempts. They are the most preferable targets for cyber criminals.
The Israeli cyber warfare professionals targeted human rights and anti-war activists across the U.S.A in late July and August 2002 disrupting communications, harassing hundreds of computer users, and annoying thousands more.

The danger of cyber terrorism:
General John Gordon, the White House Homeland Security Advisor, speaking at the RSA security conference in San Francisco, CA Feb. 25, 2004 indicated that whether someone detonates a bomb that cause bodily harm to innocent people or hacked into a web-based IT system in a way that could, for instance, take a power grid offline and result in blackout, the result is ostensibly the same. He also stated that the potential for a terrorist cyber attack is real.
In their paper, Jimmy Sproles and Will Byars said: "By the use of the internet the terrorist can affect much wider damage or change to a country than one could by killing some people. From disabling a countries military defenses to shutting off the power in a large area, the terrorist can affect more people at less risk, than through other means".
Cyber terrorists can destroy the economy of the country by attcking the critical infrastructure in the big towns such as electric power and water supply, still the blackout of the North Western states in the US in Aug. 15, 2003 is unknown whether it was a cterrorist act or not, or by attckig the banks and financial institutions and play with their computer systems.
Senator Jon Kyl, chairman of the senate judiciary subcommittee on terrorism, technology and homeland security mentioned that members of al-Qaeda have tried to target the electric power grids, transportation systems, and financial institutions.
In England the National High-Tech Crime Unit (NHTCU) survey showed that 97% of the UK companies were victims to cyber crime during the period from June 2002 to June 2003.
Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret information (by stealing, disclosing, or destroying).

Efforts of combating cyber terrorism
The Interpol, with its 178 member countries, is doing a great job in fighting against cyber terrorism. They are helping all the member countries and training their personnel.
The Council of Europe Convention on Cyber Crime, which is the first international treaty for fighting against computer crime, is the result of 4 years work by experts from the 45 member and non-member countries including Japan, USA, and Canada. This treaty has already enforced after its ratification by Lithuania on 21st of March 2004.
The Association of South East Asia Nations (ASEAN) has set plans for sharing information on computer security. They are going to create a regional cyber-crime unit by the year 2005.

References

Collin, Barry C. "The Future of Cyber Terrorism"
Proceedings of 11th annual international symposium on criminal justice Issue.
The University of Chicage, IL, 1996